rpms / compat-exiv2-026

Clone
Source Code
GIT

Blame SOURCES/exiv2-CVE-2021-31292.patch

c7 c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s
  1.   c0eeff27617c2c38ca015453297eb6c243e184af
  2.   SOURCES
  3.   exiv2-CVE-2021-31292.patch
Blob History Raw
aa9105 
From 9b7a19f957af53304655ed1efe32253a1b11a8d0 Mon Sep 17 00:00:00 2001
aa9105 
From: Kevin Backhouse <kevinbackhouse@github.com>
aa9105 
Date: Fri, 9 Apr 2021 13:37:48 +0100
aa9105 
Subject: [PATCH] Fix integer overflow.
aa9105
aa9105 
---
aa9105 
 src/crwimage.cpp | 6 +++++-
aa9105 
 1 file changed, 5 insertions(+), 1 deletion(-)
aa9105
aa9105 
diff --git a/src/crwimage.cpp b/src/crwimage.cpp
aa9105 
index ca79aa7..cd6200c 100644
aa9105 
--- a/src/crwimage.cpp
aa9105 
+++ b/src/crwimage.cpp
aa9105 
@@ -1326,7 +1326,11 @@ namespace Exiv2 {
aa9105 
                                                  pCrwMapping->crwDir_);
aa9105 
         if (edX != edEnd || edY != edEnd || edO != edEnd) {
aa9105 
             uint32_t size = 28;
aa9105 
-            if (cc && cc->size() > size) size = cc->size();
aa9105 
+            if (cc) {
aa9105 
+              if (cc->size() < size)
aa9105 
+                throw Error(kerCorruptedMetadata);
aa9105 
+              size = cc->size();
aa9105 
+            }
aa9105 
             DataBuf buf(size);
aa9105 
             std::memset(buf.pData_, 0x0, buf.size_);
aa9105 
             if (cc) std::memcpy(buf.pData_ + 8, cc->pData() + 8, cc->size() - 8);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation